Stigg Is Now Officially SOC 2 Type II and ISO 27001 Compliant

Data security and reliability are fundamental elements for us at Stigg, so we chose the strongest form of compliance. Here's what we did.

Stigg Is Now Officially SOC 2 Type II and ISO 27001 Compliant

Data security and reliability are fundamental elements for us at Stigg.

As the pricing & packaging infrastructure for SaaS businesses across all industries, we provide a critical service for developers, product, and growth teams. We know it’s our responsibility to make sure our customer data is safe with us, and we continuously aim to meet and exceed industry standards as well as your expectations for the highest security controls.

Today, we’re excited to share that Stigg is now compliant with two major security frameworks — the System and Organization Controls (SOC) 2 Type II standard for security, availability, and confidentiality, as well as ISO 27001, an internationally recognized standard for security program best practices.

This provides our customers with:

  • Confidence that the data you send to Stigg is safe
  • Security and privacy that you can test and tweak your pricing and grow your revenue, without limitations
  • A comprehensive, third-party report that goes into detail about our security practices

Why We’ve Invested In Both Security Frameworks

The internet is full of comparison articles, helping companies to choose between SOC 2 or ISO 27001 to prove their compliance to customers.

While both demonstrate a level of commitment to cybersecurity practices and require an external auditor to evaluate the organization’s compliance, SOC 2 is more known in North America, while ISO 27001 is globally popular.

Stigg’s platform allows customers worldwide to manage and update their entire pricing from one place and provides data to help package offerings that sell. Because of this, Stigg is at the center of product and revenue. From day 1 of the company, we make sure that our customers never have to worry about their data being compromised.

Security is a longstanding commitment for us and going for the strongest form of compliance including ISO 27001 as well as SOC 2 Type II was the logical step to take.

The Components of Stigg’s Compliance

To achieve compliance, independent auditors conducted in-depth analyses of Stigg’s security and privacy practices. Covering all details of the audits will go beyond the scope of this article.

The following, however, stands out:

Your data is always kept safe

Stigg runs on AWS infrastructure, providing the highest security standards of AWS data centers. On top of that, Stigg implements security and isolation measures to assure that all our customer data is encrypted both at rest and in transit.

High availability from the get-go

All mission-critical logic is performed at the edge to provide network redundancy and service continuity to assure you always get our full service even if Stigg APIs are unreachable. Stigg is accessible from multiple zones and regions to reduce the potential downtime to a minimum.

We hire & train the best

Every Stigg employee is background tested, reviewed the policies, undergoes ongoing security training, and cleared action items concerning encryption, password strength, and so forth.

Security at Stigg

Completing SOC 2 Type II compliance and ISO 27001 certification is a big milestone in our ongoing dedication to data security, availability, and confidentiality.

But as part of our commitment to consistently and critically review how we collect, manage, and secure customer data, we take a number of measures to ensure that your data is as secure as possible.

This includes, but is not limited to:

  • Data encrypted at rest (AES256) and in transport (HTTPS/TLS)
  • Restricted employee access to production environments and data
  • Vulnerability Scanning on dependencies and container images
  • Third-Party Penetration Test and Security Review
  • Support for SSO/SAML authentication
  • Zero-knowledge Stigg API keys

If you’re a Stigg customer and want to see a full copy of our SOC 2 Type II report, reach out to privacy@stigg.io.